Artificial intelligence has penetrated not only our everyday lives but also businesses and is now gradually being integrated into the activities of attackers and information security mechanisms. According to a recent survey, many global cyber leaders are concerned about generative AI's impact on cybersecurity. AI helps increase adversarial capabilities in areas such as phishing, malware development, deepfakes, etc.

Therefore, cyber guards are looking for ways to increase the role of neural networks in strengthening the security of companies' network perimeters and enhancing the efficiency of detecting and preventing attacks. About 55% percent of organizations plan to adopt AI-related cybersecurity solutions within the year. However, security experts also see some risks ranging from fake security alerts to the replacement of people in a number of professions.

In which cybersecurity processes and products can neural networks be used now? How much will they increase the efficiency of incident detection and response? Will this alleviate staff shortages or, conversely, lead to unemployment? Let's try to find answers to these and other questions.

AI's Rise in Cybersecurity

These solutions can solve specific problems such as external attack surface management (EASM), threat detection, vulnerability assessment, and automated incident response, achieving results comparable to those of human intellectual activity.

Over the past few years, technologies associated with large language models and deep learning have created a boom in the IT market, sparking discussions about some of AI's creative abilities. However, in the field of information security, AI is approached with greater caution. This industry requires a more responsible attitude towards the results of AI activities.

There is not yet enough data on which these models can be trained to bring significant benefits to information security. Therefore, a boom in AI within the field of information security has not yet been observed.

AI may surpass humans in terms of volume and speed of data processing, but not yet in the quality of this processing. Therefore, AI requires double-checking of its results. However, it can definitely help ease the workload and lower labor costs. So far, there is no extensive application of such models in the information security industry, but they do help solve specific problems.

The Necessity of Artificial Intelligence

There is a need for artificial intelligence in information security, but most companies are not yet ready for full implementation. Currently, companies trust AI with routine tasks, and as a result, the corresponding technologies are not yet deeply integrated into information security. For this situation to change, it is necessary to collect more input data and extensively train in-house data scientists and other specialists to work with artificial intelligence.

The main reason for introducing AI into cybersecurity is the increasing amount of data that humans can no longer manage. This is especially important given the current personnel shortages. The growing demands and maturity of customers drove the initial use of AI. In the future, AI could solve tasks that humans cannot perform, such as distinguishing users by their online behavior (keystroke speed, text input, mouse movements, etc.)

AI in the Hands of Cybercriminals

It is worth remembering that cybercriminals also use AI to automate their actions, such as phishing and creating deepfakes. Attackers are trying to automate their activities in order to increase the effectiveness of attacks and reduce their costs.

Artificial intelligence allows them to create phishing emails that are difficult to distinguish from real ones. Attackers also use large language models to write code and exploits. In addition, ChatGPT can provide advice on specific steps to carry out cyber-attacks.

Nowadays, tools for collecting user data (through bots and social networks) have developed significantly, and their use for training artificial intelligence has expanded. Attackers are also taking advantage of this.

Current Applications of AI in Cybersecurity

Although this is just the beginning, customers are already able to automate cybercrime investigations, identify anomalies and deviations in employee behavior, and analyze non-text data, including voice recognition, image analysis, and computer vision. AI is also actively used in anti-fraud systems.

Artificial intelligence can also help analyze large amounts of data and identify patterns that standard correlation rules cannot always detect. AI can be used to develop program code securely and analyze and fix vulnerabilities. AI is also used to create attack profiles. Additionally, it is possible to use large language models at the Linux kernel level for data analysis.

It is technically possible to use AI to directly respond to threats, but it is the company's responsibility to trust the decisions of such models or not. People are better at it.

AI Usage Recommendations

AI is trained on terabytes of data from almost all over the world. When it comes to information security, labeled data sets are used. In the absence of any markup/labeling, developers and information security specialists may not understand the output data provided by the trained artificial intelligence. To solve this problem, it is necessary to train specialists to interpret such data. For now, it is possible to use AI solutions for which data interpretation does not require special training of people.

Experts advise large customers to start their AI journey by focusing on automating enterprise management using AI tools. Small and medium-sized customers should consider products that utilize behavioral analytics. Additionally, it is important to configure your DLP (Data Loss Prevention) system to work with all incoming data.

AI vs. Humans in Cybersecurity

Many infosec professions will not disappear because of AI; instead, they will evolve and take on new functions. Cybersecurity, being a highly responsible field, will see technology and AI assisting in decision-making rather than making decisions on their own. In the future, the division of labor could look like this: humans make the key decisions while AI handles the grunt work and prepares reports.

AI can reduce the amount of spam, fake alerts, and false positives coming from information security tools that operators must handle. This will allow cybersecurity officers to focus on more complex and important tasks, as well as more creative activities.

Artificial intelligence can take over routine work, but it will not replace human creativity. A neural network can be useful in aggregating data, but it will not become a proficient developer, as real people, hackers, always find holes in software and networks.

This is one of the reasons why it is very difficult to use AI in the process of proactive detection of malicious activity in computer networks, also known as Threat Hunting. AI works on the basis of trained data and cannot identify threats that are not represented in these datasets.

In addition, neural networks do not always provide reliable information, so it is important to monitor and verify their results. Overall, I am sure AI will not "take away the jobs" of information security specialists.

The Future of AI in Cybersecurity

AI will first be tested in IT and then penetrate deeper into the information security area. Companies will have to overcome issues related to data interpretability and quality.

In my opinion, AI will develop in bursts, and we can expect significant growth in technology and competencies over the next five years.

In the next few years, AI will be used for automation, optimization, and behavioral analytics. Over the next ten years, we may see the introduction of new AI-powered products and further advancements in model training. We should not forget about possible attacks on artificial intelligence.

There is no need to introduce AI just for the sake of implementation. It is necessary to set tasks that will force the company to use artificial intelligence. First of all, practical tasks should be solved, efficiency and productivity should be increased.

Conclusion

There is more and more data in the world, the volume of which is beyond the ability of an ordinary person to process. For this purpose, we use the capabilities of artificial intelligence, which has already become a part of everyday life. However, its use in information security is not yet so widespread. Firstly, there is not enough data on which neural networks can be trained. Secondly, there are not enough specialists who can interpret the data received from AI.

At the same time, information security companies widely use these technologies to search for anomalies, simplify decision-making, categorize incidents, etc. This not only saves resources but also allows employees to improve their skills and take on more responsible and creative tasks. It is worth noting that AI is not capable of replacing people but is intended to assist them in their work.